Don’t let hurricanes blow your data away!

“Life is not about sheltering yourselves from the rain, it is about learning to dance in the storm”, goes a popular saying. But, if you are a small business, you first need to shelter your assets from the rain, before you can afford to dance in the storm without a care in the world. Hurricanes, tornadoes and thunderstorms can catch you off-guard resulting in losses worth thousands of dollars. Your inventory may be damaged, your place of business may be flooded and your critical business data lost. While most small businesses do take timely steps to ensure their inventory and place of business are protected from natural disasters, a lot of them tend to overlook the risk such natural disasters pose to their IT infrastructure and data. To many, it doesn’t seem to be that big an issue–and invariably, this is where they go wrong. Data loss due to natural calamity or any other reason can cause significant damage to a business, resulting in extreme consequences such as complete business shutdown. Safeguarding your data shouldn’t be a project you embark upon after a hurricane warning is issued.

In this post we discuss the steps you can take to mitigate the risks natural disasters pose to your data and IT infrastructure.

  1. Recognize the need for data safety, security and recovery in times of disaster.
  2. Bring together your key resources and create a team that’s responsible for implementing your disaster backup and recovery plan.
  3. Identify the key areas that need to be addressed. In the event of a disaster, what are the processes that absolutely need to function to keep your business going and what needs to be done so they still function smoothly?
  4. Prepare a solid disaster recovery-business continuity plan. You can enlist your in-house IT team or bring an MSP onboard to do this.
  5. Create a list of all the software programs, applications and hardware that are critical to your business process
  6. Include floor plans, physical access details, entry-exit security codes etc, pertaining to your place of business in the plan.
  7. Include information about your backups in the disaster recovery and business continuity plan.
  8. Conduct mock drills and audits to ensure your plan is executable and gives you the intended results.

All of this can be overwhelming, especially with a business to run and a Hurricane to watch out for! That’s why most SMBs rely on trusted managed service providers to do it for them, while they focus on their core area–managing their business and customers.

Poison Attacks: A quick overview

Smart technology is everywhere. Not just in our offices, but even in our day-to-day lives with tools like Google Home and Alexa becoming a commonplace. With technology becoming smarter every minute, the risks are increasing by the minute as well. Cybercriminals are finding new ways to corrupt our IT networks to disrupt our businesses, hold our data hostage and even clear our personal bank accounts. Some of the more overt, commonly known acts of cybercrime include hacking, phishing, and ransomware attacks. This blog discusses a lesser-known cybercrime–Poison attacks.

What are Poison attacks
Poison attacks are attacks on the ability of the system to make smart decisions. Think about this. How do systems make intelligent decisions? Based on the training or data they receive. This data is used to hone the artificial intelligence of the system to help make smart decisions. Poison attacks mess the very base–the training data set. Poison attacks basically skew the system’s data model in such a way that the output is no longer as intended. They create a new normal for everything. Poison attacks are primarily backdoor attacks. In a backdoor poison attack, the attacker creates a loophole in the core data rule and trains the system to adhere to that rule so it can be exploited at a later time. For example, let’s say, the access control for a particular file is set such that it will allow only those beyond the VP level to view the data. If someone changes the main parameter to include manager level in there, the core data set is violated and the system will not detect an intrusion by someone at the manager level, even if they log in with their credentials.

Unlike Ransomware, poison attacks don’t make much noise but cause far more damage as they can go undetected for a longer time. Follow our blog next week as we discuss the 3 common types of poison attacks

Watch out for these poison attacks!
Poison hamper the ability of the system to make smart decisions by disturbing the very core data set that is used to make a decision. Poison attack methodologies typically fall into one of the following 3 categories.

  • Logic corruption
  • Data manipulation
  • Data injection

Logic corruption
In logic corruption, the attacker changes the basic logic used to make the system arrive at the output. It essentially changes the way the system learns, applies new rules and corrupts the system to do whatever the attacker wants.

Data manipulation
In data manipulation, as the name suggests, the attacker manipulates the data to extend data boundaries that result in backdoor entries that can be exploited later. Unlike logic corruption, the attacker doesn’t have access to the logic, so they work with the existing rule and push data boundaries further with a view to accommodate them later.

Data injection
In data injection, the attacker inserts fake data into the actual data set to skew the data model and ultimately weaken the outcome. The weakened outcome then serves as an easy entryway for the attacker into the victim’s system.

Is the Cloud really risk-free?

The Cloud presents plenty of benefits that make it a very attractive choice, especially for SMBs who don’t want to be burdened with higher in-house IT costs, putting your data in the Cloud is not risk-free. Just as storing data on physical servers has its security threats, the Cloud presents certain security concerns as well. These include

  • Data breach: A data breach is when your data is accessed by someone who is not authorized to do so.
  • Data loss: A data loss is a situation where your data in the Cloud is destroyed due to certain circumstances such as technological failure or neglect during any stage of data processing or storage.
  • Account hijacking: Like traditional servers, data in the Cloud could be stolen through account hijacking as well. In fact, Cloud account hijacking is predominantly deployed in cybercrimes that require entail identity thefts and wrongful impersonation
  • Service traffic hijacking: In a service traffic hijacking, your attacker first gains access to your credentials, uses it to understand the online activities that happen in your domain and then uses the information to mislead your users or domain visitors to malicious sites.
  • Insecure application program interfaces (APIs): Sometimes, Cloud APIs, when opened up to third parties, can be a huge security threat. If the API keys are not properly secured, it can serve as an entry point for cybercriminals and malicious elements.
  • Poor choice of Cloud storage providers: A security lapse from the Cloud storage provider’s end is a huge security concern for businesses. It is very important to choose a trusted and experienced Cloud service provider who knows what they are doing.

Apart from the above, there are some common threats that apply to both the Cloud and traditional data storage environments such as a DDoS attack, or a malware attack where your data in the Cloud becomes susceptible because it is being shared with others and at other places.

Some Cloud security mechanisms that SMBs can invest in to keep their data safe

Cloud firewalls: Much like the firewalls you deploy for your local IT network, Cloud firewalls work to prevent unauthorized Cloud network access.

Penetration testing: Penetration testing is a sort of a Cloud security check where IT experts try hacking into the Cloud network to figure out if there are any security lapses or vulnerabilities that could serve cybercriminals.

Obfuscation: In obfuscation, the data or program code is obscured on purpose such that the system delivers unclear code to anyone other than the original programmer, thus mitigating any malicious activity.

Tokenization: Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.1

Virtual Private Networks (VPN): Another, more commonly used mechanism is the VPN. VPN creates a safe passage for data over the Cloud through end-to-end encryption methodology.

Investing in a good Cloud security system is a must, but, in the end, you also need to remember that Cloud security is not only about antivirus software, firewalls, and other anti-malware tools. You need to pick the right MSP and work closely with them to implement a Cloud security solution that works for you.

1https://searchsecurity.techtarget.com/definition/tokenization

Cyber hygiene: The key to your business’s good cyber health

We all know that basic hygiene is a must to lead a healthy life. Did you know that the same rule applies to IT as well? There’s something known as cyber hygiene that plays a key role in keeping your business healthy from the IT perspective. So, how do you ensure your business doesn’t fail when it comes to cyber hygiene? Here are a few tips.

Follow industry benchmarks and standards
Remember that if an IT practice has gained industry-wide recognition and adoption, it is because it certainly offers some benefits. Protocols like the HTTPS implementation, SSL security certificates, CIS Benchmark, etc., are examples of industry standards that you must follow to maintain good cyber hygiene. Following these standards enhance your cybersecurity quotient and also play a positive role in helping you win your customer’s trust.

Stronger IT administration
The role of an IT administrator is very critical in any organization. IT administration involves exercising control over most of the IT activities with a view to ensure the security of your IT environment is never compromised. Make sure your IT admin rules and policies are clearly formulated and covers everything including-

  • Clear definition of user roles
  • Permission levels for each user role
  • Restrictions regarding download/installation of new software
  • Rules regarding external storage devices
IT Audits
Conduct regular IT audits to spot vulnerabilities and gaps that may threaten the security of your IT infrastructure. During the IT audits pay special attention to-
  • Outdated software or hardware that is still in use
  • Pending software updates that make an otherwise secure software vulnerable

Fix what you can and get rid of what is too outdated to be made safe.

Password policy adherence
When it comes to cyber hygiene, passwords are the weakest link as often, people compromise on the password policy for convenience’s sake. Here are a few things to look into at the time of your IT audit to ensure your password policy is being adhered to.

  • Check if passwords are strong enough and follow the standards set for secure passwords
  • Discourage password repetition or sharing
  • Ensure multi-factor authentication, where apart from the password, there is at least one more credential, such as a secret question, a one-time password (OTP) sent to the user’s mobile phone, or a physical token or QR code, to verify and approve data access
Ensure basic security mechanisms are in place
As a part of your cyber hygiene check, ensure you have all the basic security mechanisms in place. These include
  • Anti-malware software programs
  • Firewalls
  • Data encryption tools
  • Physical security and access control tools like biometric access

Pay attention to what happens with obsolete data
How do you get rid of data you no longer need? Even though old data may not be of any use to you from the business perspective, a breach of that data can still hurt you legally. Ensure you get rid of old data safely. It is a good practice to deploy data wiping software and also create policies for the safe destruction of physical copies via shredding or other methods.

Strong cyber hygiene practices can keep your data safe from cybercriminals lurking out there. However, consistently following up and ensuring these best practices are being adhered to, can be taxing on your internal IT team. It may be a good idea to bring an MSP on board who is well versed in cybersecurity to assist you with cyber hygiene.